Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php
Vulnerability Description
GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While other fields are sanitized using safe_slash_html(), the slug parameter is written to XML and later rendered in the administrative interface without sanitation, resulting in persistent execution of arbitrary JavaScript. An authenticated administrator can inject malicious script content that executes whenever the affected Components page is viewed by any authenticated user, enabling session hijacking, unauthorized administrative actions, and persistent compromise of the CMS administrative interface.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GetSimple CMS 跨站脚本漏洞
Vulnerability Description
GetSimple CMS是GetSimple CMS开源的一个内容管理系统。 GetSimple CMS 3.3.16版本存在跨站脚本漏洞,该漏洞源于组件功能中对slug字段的用户输入未进行适当的输出编码,可能导致存储型跨站脚本攻击,进而导致会话劫持、未经授权的管理操作或CMS管理界面被持久性破坏。
CVSS Information
N/A
Vulnerability Type
N/A